Services are usually provided by combining multiple functions. These functions can be manual, automated, or a mixture of the two. When identifying system assets, understanding the difference between manual and automated functions is important.
An automated spam appliance used to filter spam is an example of a system function. The spam appliance could also be considered one of many functions used to provide email service. Other functions for email could include the ability to scan for malware and to sign and encrypt messages.
Some systems use manual instead of technical methods. For example, for a hotel using manual methods, employees can track everything from the initial reservation to checkout using paper logs. Although hard to believe, that’s how it was done about 20 years ago. If the process is manual, there are two primary asset values:
In this example, the value is the written records and the personnel with the knowledge of the process. Although visiting a hotel today that uses only manual methods is unlikely, working at a company that uses manual internal processes is possible.
A hotel may be able to automate many of its processes. Because it is part of a service industry, the hotel will still include some human interaction. The following example shows how a hotel could automate the majority of its processes.
Customers could register online, and many hotels prefer that they do. Some hotels give discounts for users who do register online. Customers would be able to see which days are available and what the costs are for each day. They can pick their days and make deposits or payments. Online registration reduces the cost of labor for the hotel.
The reservation would then be in the system when the customers arrive. They would check in with a friendly receptionist, who would check the details via the automated system. The receptionist would confirm the details, and the customers would soon be on their way to the room, perhaps with the bell staff towing their luggage.
Some hotels offer convenience bars, which are often automated, that include snacks and refreshments. When the customer picks anything up, the convenience bar senses the change in weight, and the front desk is alerted upon checkout that the customer may owe something. The charge for this convenience is often very high. For example, a candy bar purchased for $.75 elsewhere may cost $5.00.
Many hotels include a TV channel showing the customer’s bill. This bill is updated automatically when a customer charges a bill at a restaurant or retrieves a cold bottle of water from the convenience bar. When the customer is ready to check out, he or she accesses the TV channel to pay the bill. Soon the customer is heading to the airport and home sweet home.
When evaluating this type of automated method, several other things need to be considered, such as the following:
Many laws mandate the protection of personally identifiable information (PII). PII is any data that can be used to identify an individual; it can also be medical, financial, or criminal data. The National Institute of Standards and Technology (NIST) published SP 800-122, which is a guideline used to help government entities and public companies protect PII. The European Union recently updated its guideline to reflect what is now known as the General Data Protection Regulation (GDPR).
The important point to remember is that assets are more than just things. They can also be the processes that provide the services.